Skip to content
More support
  • There are no suggestions because the search field is empty.

How to Configure Azure AD SSO for VIP Software

This guide walks you through setting up Single Sign-On (SSO) using Azure Active Directory (Azure AD) for VIP Software’s BAP and Invision platforms. It applies to both Staging and Production environments.

 

Step 1: Prerequisites

Before you begin:

  • Ensure you’ve created an Enterprise Application in Azure AD.
  • Select SAML as the sign-on method.

 

Step 2: Configure Basic SAML Settings

Navigate to:
Azure AD → Enterprise Applications → Single sign-on → SAML

Use the appropriate URLs based on your environment:

Staging

  • BAP: https://www.stagingnew.vipbap.com/Default.aspx
  • Invision: https://www.staging.vipinvision.com/Default.aspx

Production

  • BAP: https://www.vipbap.com/Default.aspx
  • Invision: https://www.vipinvision.com/Default.aspx

Example Configuration for Staging BAP:

Field Value
Identifier (Entity ID) | https://stagingnew.vipbap.com/Default.aspx
Reply URL (ACS URL) | https://stagingnew.vipbap.com/Default.aspx
Sign-on URL | https://www.stagingnew.vipbap.com/Default.aspx
Relay State (Optional) | Leave blank
Logout URL (Optional) | Leave blank

Notes:

  • URLs are case-sensitive and must use HTTPS.
  • Do not mix staging and production URLs.

 

Step 3: Configure Attributes & Claims

Add the following claims:

Attribute Value
Firstname |user.givenname
Lastname user.surname
Email user.mail
Unique User Identifier user.mail

These claims must match exactly. The Unique User Identifier should be unique per user (typically their email).

Example of setting up the Email attribute:

 

Step 4: Upload SAML Signing Certificate

  1. In the SAML Certificates section, download either:
    • Federation Metadata XML, or
    • Base64 Certificate
  2. Send the certificate file to your VIP Software contact for integration.

 

Step 5: Assign Users

  1. Go to the Users and groups tab in the Azure AD Enterprise Application.
  2. Assign users or groups who need access.
  3. Ensure each user has a valid email that matches their VIP account.

 

Step 6: Test the SSO Connection

After setup and certificate validation:

  1. Request your company-specific login URL from VIP Software.
    Example:
    https://www.vipbap.com/Default.aspx?CompanyId=AbCdEf1234567890GhIjKl==
  2. Open the URL in a browser while signed into Azure AD.
  3. If configured correctly, you’ll be authenticated and redirected into VIP.
  4. If login fails, verify:
    • Correct environment URL was used
    • Claims match the configuration
    • SAML certificate is valid
    • User/group is assigned to the application

 

Step 7: Support Contact

If you encounter issues, contact:

VIP Software Support
📧 Email: support@vipsoftware.com

Include:

  • Screenshot of your SAML Configuration
  • Error message or correlation ID
  • Company-specific login URL
  • SAML trace (if available)